Last updated 23.5.2018
1. DATA CONTROLLER
The data controller in accordance with the applicable data protection law is Exove Oy (hereinafter together “Exove”, “we”, “us” or “our”). Exove is responsible for ensuring that your personal data is processed in compliance with this Policy and applicable data protection laws.
Contact details of the data controller:
Business ID: 2040509-9
Address: Itämerenkatu 1, 00180 Helsinki
Phone: +358 9 3158 9020
Contact details of the privacy manager:
Kalle Varisvirta, Technology Director
Address: Itämerenkatu 1, 00180 Helsinki
Phone: +358 9 3158 9020
2. COLLECTION OF PERSONAL DATA
We may collect your personal data through different means, which are explained below. As a rule, the personal data processed by us is provided by you upon registration and/or when using the Services. The personal data we collect includes e.g. the following categories of data:
- Name, title and role in the company presented;
- Contact details, such as email address and phone number;
- Information relating to client relationship, such as billing information;
- Social media contact details to services such as Twitter, LinkedIn and Skype; and
- Client interaction, client contacts and replies, including requests/queries through ticketing system.
We may also collect technical data on the use of the Services, which may be associated with you. The technical data we collect includes e.g. the following categories of data:
- IP addresses, time stamps and log data relating to the use of the Services; and
- Device ID, device type, operating system used and application settings.
3. PURPOSE AND LEGAL BASIS FOR PROCESSING PERSONAL DATA
We process personal data for the following purposes:
1. Service provision and managing your client relationship
The primary purpose of collecting personal data is to provide the Services and to manage and maintain the client relationship between us and you/the company you represent. In this case, our processing of personal data is based on the contract between you/the company you represent and us.
We may send you emails to inform you about new features of the Services, ask you for feedback, or provide you other relevant information about our services. In this respect, processing of personal data is based on our legitimate interest to provide you relevant information as part of the Services and to promote the Services to you. You may object to marketing communications at any time (please see section 8 of this Policy).
3. Service development and information security
We also process personal data to ensure the security of the Services, to improve the quality of the Services and to develop new features to the Services. In these cases, the processing of personal data is our legitimate interest to ensure that our Services has an adequate level of data security, and that we have sufficient and relevant information at hand to develop our Services.
4. TRANSFERS AND DISCLOSURES OF PERSONAL DATA
We may disclose personal data to third parties:
- when permitted or required by law, e.g. to comply with requests by competent authorities or related to legal proceedings;
- when our trusted services providers provide services to us on behalf of us and under our instructions. We will control and be responsible for the use of your personal data at all times;
- if we are involved in a merger, acquisition, or sale of all or a portion of our assets; and
- when we believe in good faith that disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or respond to a government request.
5. TRANSFERS OF PERSONAL DATA OUTSIDE THE EU/EEA
Some of our services are transferring personal data from EU/EEA to the United States. In such transfers we only rely on services that comply with the EU-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union, European Economic Area, and Switzerland to the United States. (Learn more about Privacy Shield at www.privacyshield.gov)
7. RETENTION OF PERSONAL DATA
Your personal data will be retained only for as long as necessary to fulfill the purposes defined in this Policy.
Most of your personal data will be retained during the course of your client relationship with Exove Oy. Some personal data might be retained after your client relationship with us has ended, if required or allowed by applicable laws. When your personal data is no longer required by law or rights or obligations by either party, we will delete your personal data.
8. YOUR RIGHTS
You have a right to access personal data we process about you. You may access, correct, update, change or remove your personal data at any time. However, please note that certain information is strictly necessary in order to fulfil the purposes defined in this Policy and may also be required by law. Thus, you may not remove such personal data.
You have a right to object for certain processing. To the extent required by applicable data protection law, you have a right to restrict data processing.
You have a right to data portability, i.e. right to receive your personal data in a structured, commonly used machine-readable format and transmit your personal data to another data controller, to the extent required by applicable law.
Please send above-mentioned requests to us at email@example.com.
If you think there is a problem with the way we are handling your personal data, you have a right to file in a complaint to your national data protection authority in the EU/EEA. In Finland, that is Tietosuojavaltuutetun toimisto. You can find contact details of Tietosuojavaltuutetun toimisto here: http://www.tietosuoja.fi/fi/index/yhteystiedot.html.
We maintain reasonable security measures (including physical, electronic, and administrative) to protect personal data from loss, destruction, misuse, and unauthorized access or disclosure. For example, we limit access to personal data to authorized employees and contractors who need to know the information in the course of their work tasks.
Please be aware that, although we endeavour to provide reasonable security measures for personal data, no security system can prevent all potential security breaches.
10. CHANGES TO THIS POLICY
We may change this Policy from time to time. If we make any changes to this Policy, we will let you know it on our website at www.exove.com, where you will also find the latest version of this Policy.
11. CONTACT US
If you have any questions regarding this Policy or the personal data we process about you, please contact us at firstname.lastname@example.org.